Transport for NSW has been impacted by a cyber attack on a file transfer system owned by IT company Accellion, also known as the Accellion data breach.
It said that before the attack was discovered “some Transport for NSW information was taken”.
The Agency said the Accellion system was widely used to share and store files by organisations around the world with Cyber Security NSW managing the NSW Government investigation with the help of forensic specialists.
“We are working closely with Cyber Security NSW to understand the impact of the breach, including to customer data,” Transport for NSW said.
It said it would ensure that any notification process for those affected would be clearly communicated and secured.
The Agency said the breach was limited to Accellion servers and no other Transport for NSW systems were affected, including systems related to driver licence information or Opal data.
Cyber Security NSW said scammers may try to capitalise on the data breach event and advised customers not to respond to unsolicited phone calls, emails or text messages related to any security matter.
It also issued a recommendation to all NSW residents to take steps to protect their personal information, including implementing multi-factor authentication for online accounts; talking to their financial institution about improving online security; and ensuring anti-virus software was on all their devices.